For security concerns, needed to set GCP Compute Engine instance to not have External IP (external ip = None). In that case, it defaults to Identity Aware Proxy. IAP - to the same targets - does succeed from other machines, but not some in my data center.
Even after fully configuring gcloud logging in/authenticating and:
gcloud config set project $PROJECTNAME
gcloud config set compute/zone us-central1-c
then running: gcloud compute ssh $INSTANCENAME --tunnel-through-iap
Returns:
command-line: line 0: Bad configuration option: ProxyUseFdpass
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
Unclear whether this points to a ssh_config issue or something else, but this is not my area, so am a bit lost and not seeing other related things to this error. Any thoughts? The desired behavior is to not get the error on ProxyUseFdpass. And, for ssh to connect successfully.
I also ran gcloud compute ssh $INSTANCENAME --tunnel-through-iap --dry-run, and what gets returned matches the results from successful places that connect.
Also, check if the "Private Google access" is turned-on for the subnet. This will allow the Google services to reach your VM. I had the same problem and turning on "Private Google access" solved the issue for me.
We have a VM instance in Google Cloud that is being used by two users. We want to create another user that can be accessed by both. We chose the user ubuntu for that, like in AWS. But the problem is we can't log in when running the following command.
gcloud compute --project "project" ssh --zone "us-east1-b" "gpunew3"
It's showing the following error.
ubuntu@35.196.254.72: Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
What can be the possible way to achieve this?
I suspect a key pair mismatch. Please run the following command to remove the private key file:
rm .ssh/google_compute_engine
Then run your command to ssh again, which will recreate a new key pair.
I had the same problem before, and I fixed it by adding my public key to the VM instance and then connecting to the VM instance by ssh like this:
ssh VM External IP
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
I cannot get ssh access into the vm instance created by Google Cloud command line tool (gcloud).
Symptom:
sudo gcloud compute ssh myuser@ubuntu
ssh: connect to host 104.155.16.104 port 22: Connection refused
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
What I did:
1: Verify that firewall is open on port 22
gcloud compute firewall-rules list
returned
NAME NETWORK SRC_RANGES RULES SRC_TAGS TARGET_TAGS
allow-rstudio default 0.0.0.0/0 tcp:8787 allow-rstudio
default-allow-http default 0.0.0.0/0 tcp:80 http-server
default-allow-https default 0.0.0.0/0 tcp:443 https-server
default-allow-icmp default 0.0.0.0/0 icmp
default-allow-internal default 10.128.0.0/9 tcp:0-65535,udp:0-65535,icmp
default-allow-rdp default 0.0.0.0/0 tcp:3389
default-allow-ssh default 0.0.0.0/0 tcp:22
2: Renew public key
ssh-keygen -t rsa -f ~/.ssh/google_compute_engine -C myuser
3: Update metadata with new public key
sudo gcloud compute ssh myuser@ubuntu
Updating project ssh metadata...
Updating project ssh metadata...done.
Waiting for SSH key to propagate.
Then, still the same error message:
ssh: connect to host 35.187.38.82 port 22: Connection refused
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
I should add that I could access ssh until today, and of course, I did authentication before with
gcloud auth login
SSH from the Google Cloud web interface works! What is different there?
Would be grateful for any help!!
After a long search, I finally found the underlying reason for this tricky problem. I hope that this will help some people in desperation...
The reason you may get your ssh connection refused is that accidentally, the internal routing for external ip requests was deleted. You can check this by:
gcloud compute routes list
If this does not return a list including the following entry:
default-internet default 0.0.0.0/0 default-internet-gateway 1000
Then you must re-create this entry by:
gcloud compute routes create default-internet \
--destination-range 0.0.0.0/0 \
--next-hop-gateway default-internet-gateway
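As an added example (not part of the answer above), this shell function reads the table printed by gcloud compute routes list and reports whether the winning 0.0.0.0/0 route on a network still points at default-internet-gateway. It goes slightly beyond the answer by also flagging a default route that exists but is outranked by one with a different next hop; the function name check_default_route and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: is there still a usable default internet route on this VPC?
# Input on stdin: output of `gcloud compute routes list`
# (columns NAME NETWORK DEST_RANGE NEXT_HOP PRIORITY).
# check_default_route is a hypothetical helper name, not a gcloud feature.
#
# Prints one of:
#   ok <route>        winning 0.0.0.0/0 route goes to default-internet-gateway
#   shadowed <route>  a 0.0.0.0/0 route with another next hop wins on priority
#   missing           the network has no 0.0.0.0/0 route at all
check_default_route() {
  awk -v net="$1" '
    NR == 1 && $1 == "NAME" { next }          # skip the header row
    $2 == net && $3 == "0.0.0.0/0" {
      # In GCP routing the lowest PRIORITY value wins.
      if (best == "" || $5 + 0 < prio) { best = $1; hop = $4; prio = $5 + 0 }
    }
    END {
      if (best == "") print "missing"
      else if (hop == "default-internet-gateway") print "ok " best
      else print "shadowed " best
    }'
}

# Constructed sample tables (not taken from a real project).
ROUTES_HEALTHY='NAME NETWORK DEST_RANGE NEXT_HOP PRIORITY
default-internet default 0.0.0.0/0 default-internet-gateway 1000
default-subnet default 10.128.0.0/20 default 1000'

# The state described in the answer: the default route was deleted.
ROUTES_DELETED='NAME NETWORK DEST_RANGE NEXT_HOP PRIORITY
default-subnet default 10.128.0.0/20 default 1000'

# A default route exists, but a higher-priority one sends traffic elsewhere.
ROUTES_SHADOWED='NAME NETWORK DEST_RANGE NEXT_HOP PRIORITY
default-internet default 0.0.0.0/0 default-internet-gateway 1000
via-nat-vm default 0.0.0.0/0 us-central1-c/instances/nat-vm 800'

# Live use: gcloud compute routes list | check_default_route default
```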
In my case, after I made an upgrade of the GCP instance (just added more processor and memory), my Circle CI deploy started throwing:
Authentication failed.
Exited with code 255
After a couple of hours trying to figure out what messed up, I found that the contents of /etc/ssh/sshd_config had been emptied for no reason at all.
What fixed my problem is to recreate this file and restart the ssh service.
Note: PasswordAuthentication should be set to:
PasswordAuthentication no
For the poor, suffering souls who stumble upon this.
The following works for me with consistency:
On your machine, in the gcloud CLI, run gcloud init and go through the prompts.
The end. I hope this helps you my dear, internet fellow-sufferer.
My scenario was that I was running a nohup process on the instance, all of a sudden the process stopped working.
After spending a lot of time investigating, I found that the instance itself had hung. We miss small things like that, getting caught up debugging the bigger problem.
Check if you're able to ping your instance. If not, restart it and ssh, it will work fine. This is one of the solutions.
Hi, I am still learning Docker's wonderful magical world. I use Docker on Linux with docker-machine. I already added 2 existing Linux servers with docker-machine create and successfully run my containers on them. Now I am trying to do the same with an existing Google Compute Engine based machine, which runs Linux too. I use the command:
docker-machine create --driver generic --generic-ip-address ipaddress --generic-ssh-key path_To_Key --generic-ssh-user user_Name machine_Name
And I get an error:
Error creating machine: Error checking the host: Error checking and/or
regenerating the certs: There was an error validating certificates for
host "X.X.X.X:2376": dial tcp X.X.X.X:2376: i/o timeout You can
attempt to regenerate them using 'docker-machine regenerate-certs
[name]'.
Then docker-machine does not know its IP, but I seem to give it a command through docker-machine ssh.
Although I am not able to log in with ssh anywhere else, and I must stop/remove the created machine and restart it.
Anyone has a similar problem?
According to generic driver's page at docker docs, try to edit --generic-ip-address=ip_address with equal sign.
My overall-goal is to run scikit-scripts on GCE and therefore I try to use Anaconda/IPython (which I use on my desktop) on GCE.
I am following this tutorial here (https://cloud.google.com/dataproc/tutorials/jupyter-notebook#verify_cluster_and_notebook_creation) but struggling on the following step:
gcloud compute ssh --zone=<master-host-zone> \
--ssh-flag="-D 1080" --ssh-flag="-N" --ssh-flag="-n" <master-host-name>
My console always responds with the following error message and I have no idea what is wrong:
unknown option "-D 1080"
Thanks for your help!
This makes sense because on Windows, gcloud compute ssh uses PuTTY for SSH; the PuTTY client doesn't respect the -D flag. You'll have to use PuTTY-specific options for creating an SSH tunnel; I'm not a Windows user so I don't know what those are.
I'll get the tutorial updated.
I cannot ssh from my computer into the server hosted on Google Cloud.
I tried the normal ssh-keygen with user@domain.com and uploading the public key, which worked last time, but this time it didn't. The issue started after I changed the password for the account. After that I could no longer ssh or sftp into the account, although I wasn't disconnected until I disconnected.
I then tried the gcloud ssh user@instance and it ran fine and told me it just hasn't propagated yet.
I added AllowUsers user to the server's ssh config file and I restarted ssh on the server, but still the same result
Here's the error:
Permission denied (publickey).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
Update:
I've been working with Google tech support and this issue is still unresolvable. The permissions of a file called authorized_keys keep getting changed on boot to another user, who I also cannot log in as.
So I change it to:
thisUser:www-data 755
but on boot it changes it to:
otherUser:otherUser 600
There are a couple of things in order to fix this. You can take advantage of the metadata feature in GCE and add a startup script that would automatically change the permissions.
From the developers console, go to your Instance > Metadata and add a pair of Key/value
key : startup-script
value: chmod 755 /home/your_user/.ssh/authorized_keys OR chmod 755 ~/.ssh
After rebooting, you should check the Serial Output option further down that page and see if it ran on startup. It should show you something along these lines:
startup script found in metadata.
startupscript: Running startup script /var/run/google.startup.script
Further information can be found HERE
Hope that helps!
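The ownership flip described in this thread matters because, with StrictModes enabled (the OpenSSH default), sshd will not use authorized_keys unless the file, ~/.ssh and the home directory are owned by the login user or root and are not writable by group or other. The script below is an added example, not code from the question or the answer, that runs those same two checks so the failing path can be identified from a startup script or serial console; the function names are hypothetical and GNU stat on a Linux guest is assumed.

```shell
#!/bin/sh
# Added example: audit the paths sshd checks under StrictModes before it
# will read a user's authorized_keys. Assumes GNU `stat` (Linux guest).
# verdict, audit_path and audit_ssh_home are hypothetical helper names.

# verdict OWNER_UID MODE_OCTAL LOGIN_UID -> ok | bad-owner | writable
verdict() {
  # The path must belong to the login user or to root ...
  if [ "$1" != "$3" ] && [ "$1" != "0" ]; then echo "bad-owner"; return 0; fi
  # ... and must not be writable by group or other (mode & 022 == 0).
  if [ $(( 0$2 & 022 )) -ne 0 ]; then echo "writable"; return 0; fi
  echo "ok"
}

# audit_path PATH LOGIN_UID -> prints the verdict for one file or directory
audit_path() {
  owner=$(stat -c '%u' "$1" 2>/dev/null) || { echo "missing"; return 0; }
  mode=$(stat -c '%a' "$1")
  verdict "$owner" "$mode" "$2"
}

# audit_ssh_home HOME_DIR LOGIN_UID -> one line per path; status 1 if any fails
audit_ssh_home() {
  rc=0
  for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
    v=$(audit_path "$p" "$2")
    echo "$p: $v"
    [ "$v" = "ok" ] || rc=1
  done
  return $rc
}

# Typical use on the VM:
#   audit_ssh_home /home/your_user "$(id -u your_user)"
```

A bad-owner verdict on authorized_keys corresponds to the otherUser:otherUser state reported in the question, where the mode alone (600) would otherwise pass.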
I solved this by deleting the existing ssh key under Custom metadata in the VM settings. I then could login on ssh